Diffstat (limited to 'NEWS')
-rw-r--r--  NEWS  8
1 files changed, 7 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index b152488cee..4b7eeb4bc2 100644
--- a/NEWS
+++ b/NEWS
@@ -12,7 +12,13 @@ Version 2.21
   6652, 12926, 14132, 14138, 14171, 15215, 15884, 17266, 17344, 17363,
   17370, 17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508, 17522,
   17555, 17570, 17571, 17572, 17573, 17574, 17582, 17583, 17584, 17585,
-  17589, 17594, 17616.
+  17589, 17594, 17616, 17625.
+
+* CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
+  under certain input conditions resulting in the execution of a shell for
+  command substitution when the applicaiton did not request it. The
+  implementation now checks WRDE_NOCMD immediately before executing the
+  shell and returns the error WRDE_CMDSUB as expected.
 
 * The minimum GCC version that can be used to build this version of the GNU
   C Library is GCC 4.6.  Older GCC versions, and non-GNU compilers, can
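Review bot: The CVE identifier in the new NEWS entry, `CVE-2104-7817`, carries an impossible year (2104); the digits appear transposed and the entry should read `CVE-2014-7817`, otherwise downstream tooling and advisories that grep NEWS for CVE ids will miss this fix. In the same entry, "applicaiton" should be "application". Suggested wording for the first sentence of the entry: "* CVE-2014-7817 The wordexp function could ignore the WRDE_NOCMD flag under certain input conditions resulting in the execution of a shell for command substitution when the application did not request it."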